Ruby Gonzalez, the Head of Communications at NordVPN, talked to PreciseSecurity.com about the cybersecurity market and how the industry is moving forward by creating and investing in new products and services. There are many challenges that the sector needs to face, including the fast learning rate of hackers.
She also mentioned that regional tensions are, among other things, one of the main reasons that push users to start using security solutions.
1. Considering many governments in different jurisdictions are increasing their scrutiny over their citizens, do you see an increased use of your VPN services in particular countries?
“Yes, we do. For example, we saw a spike of new Indian users at the end of July – beginning of August. Such an increase might be related to tensions in the Kashmir region. Also, recent internet restrictions in Iraq can also be linked to three times bigger interest in our services by Iraqis from the beginning of October.”
2. Which do you consider to be the main factors that push individuals to start using NordVPN? Who else and in what circumstances should someone use a VPN?
“Users turn to NordVPN not only when countries interfere with internet freedom. The overall trend is that the use of VPN is spreading beyond tech-savvy people. It is becoming more popular among regular household users who have never used a VPN service before.
The primary use of a VPN is to safely access the internet, especially while traveling and browsing on public Wi-Fi networks. The second important VPN use is the ability to access unrestricted and uncensored content from anywhere in the world.”
3. Are you seeing an increase in VPN usage for mobile apps? Can you tell us what % of your VPN users are on mobile vs desktop?
“Yes, there is an increase. More and more people understand that smartphones are as vulnerable as computers and, therefore, need the same level of protection. Currently, 52% of our users use the desktop version, while the other 15% use the mobile app, and 33% of users use both versions.”
4. A few weeks ago NordVPN confirmed it was affected by a hack. What do you think failed on your side and what are you doing to prevent it from happening again in the future?
“The breach was made possible by poor configuration on a third-party datacenter’s part that we were never notified of. Evidence suggests that when the datacenter became aware of the intrusion, they deleted the accounts that had caused the vulnerabilities rather than notify us of their mistake. We are glad that the affected server did not contain any user activity logs. It means that no user credentials were affected.
However, after the incident, we decided to take our security to the next level and make sure nothing like that ever happens again. We are planning to implement five measures that will make us as secure as possible. For example, we are partnering with a leading cybersecurity consulting firm that will help our in-house team of penetration testers challenge our infrastructure; we just introduced a bug bounty program; we are planning a full-scale infrastructure audit; we are reviewing how we work with our data-centers; and finally, we are upgrading our entire infrastructure to serverless RAM servers.”
5. Your in-house team of penetration testers will be working with cybersecurity firm VerSprite, can you tell us what is the goal of this new agreement?
“Penetration testers are a key part of our security efforts. Their job is to prod our infrastructure for weaknesses and find them before anybody else does. VerSprite will help our in-house team of penetration testers challenge our infrastructure and ensure the security of our customers. Additionally, together with VerSprite we are gathering a committee of cybersecurity experts, who will help and counsel us.”
6. Some reports claim NordVPN is expected to launch a new bug bounty program and find vulnerabilities. Is this true? Which other measures do you have in mind to increase users’ trust in your services? Do you think a bug bounty program would work well?
“NordVPN officially launched its bug bounty program just last week. Bug bounty programs invite ethical hackers to catch potential security vulnerabilities and report them to service providers. This way, bounty hunters get cash rewards, and users get a service they know is scoured for bugs by thousands of people every day to make it as secure as possible. We strongly believe that community participation is essential for reaching this goal.
By the way, NordVPN’s bounties can range from $100 for minor issues to over $5,000 for critical flaws. All the findings must be reported using the HackerOne platform.”
7. Considering that a VPN would not protect users from viruses and tracking information, are you considering addressing these issues in the future?
“Our aim is to provide a suite of cybersecurity products and while the development of antivirus software is not in our pipeline, tracking prevention is something we may introduce in the future.”
8. What are your plans for the future and how do you see the VPN industry moving forward during the next few years?
“Apart from working towards becoming faster, stronger, and more secure, we are planning to become an all-round cybersecurity solution. This year, we officially launched a file encryption tool, called NordLocker, a business VPN solution NordVPN Teams, and a new generation password manager NordPass. The overall security of our customers is the highest priority for us and we will continue to raise our standards further and further.
The importance of the VPN industry has been growing immensely as a result of internet restrictions, heavy censorship, or surveillance in some countries. Thus, people turn to VPNs to secure their private data and get open access to the internet.”
9. Taking into account companies fix security issues after they happen, what do you consider improves faster: hackers or security companies?
“This is why bug bounty programs have been so popular – to get ahead of hackers. Sometimes security companies hire hackers to try to crack their products. Therefore, there’s no right answer to this question as both sides improve fast.”
10. According to reports, back in 2018, the information security technology market reached a valuation of $96.3 billion. By 2023 it is projected to reach $151 billion. Do you think this is a plausible increase?
“The increase in the valuation of the information security technology market might reach $151 billion or even surpass this number by 2023. Funding in cybersecurity has been increasing for quite some time now. Not only various companies but governments too have been investing greater sums of money in their digital security because cybercriminals’ attacks have become more frequent and more damaging. Bigger investments allow security companies to create advanced products.”
Thank you, Ruby, for the conversation!